Uploaded image for project: 'Spring Data Commons'
  1. Spring Data Commons
  2. DATACMNS-377

All elements are returned if pageSize = 0

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Complete
    • Affects Version/s: 1.6.1
    • Component/s: None
    • Labels:
      None
    • Environment:
      Spring Data Commons 1.6.1.RELEASE
      Spring Data JPA 1.4.1.RELEASE
      Hibernate4.2.3
      PostgreSQL
    • Sprint:
      SpringOne Aftermath

      Description

      All elements are returned if pageSize = 0 in splite of new option maxPageSize in PageableHandlerMethodArgumentResolver introduced from v1.6.

      Consider the example below

      @ContextConfiguration
      @RunWith(SpringJUnit4ClassRunner.class)
      @Transactional
      @TransactionConfiguration(defaultRollback = true)
      public class CustomerRepositoryTest {
          @Inject
          protected CustomerRepository customerRepository;
      
      
          @Test
          public void testFindAllPageable() {
              System.out.println(customerRepository.findAll(new PageRequest(0, 3)));
              System.out.println(customerRepository.findAll(new PageRequest(0, 0)));
              System.out.println(customerRepository.findAll(new PageRequest(0, -1)));
          }
      
      }
      

      Fist case, only 3 elements are returned with the following SQL

      5. /* select count(*) from Customer as generatedAlias0 */ select count(*) as col_0_0_ from customer customer0_ {executed in 5 msec}
      5. /* select generatedAlias0 from Customer as generatedAlias0 */ select customer0_.customer_code as customer1_3_, customer0_.customer_add as customer2_3_, customer0_.customer_birth as customer3_3_, customer0_.customer_job as customer4_3_, customer0_.customer_kana as customer5_3_, customer0_.customer_mail as customer6_3_, customer0_.customer_name as customer7_3_, customer0_.customer_pass as customer8_3_, customer0_.customer_post as customer9_3_, customer0_.customer_tel as custome10_3_ from customer customer0_ limit 3 {executed in 8 msec}
      

      Third case, IllegalArgumentException is thrown with a message, "Page size must not be less than zero!".

      I think these are correct result.

      However, in second case, all elements are returned with the following SQL

      5. /* select count(*) from Customer as generatedAlias0 */ select count(*) as col_0_0_ from customer customer0_ {executed in 2 msec}
      5. /* select generatedAlias0 from Customer as generatedAlias0 */ select customer0_.customer_code as customer1_3_, customer0_.customer_add as customer2_3_, customer0_.customer_birth as customer3_3_, customer0_.customer_job as customer4_3_, customer0_.customer_kana as customer5_3_, customer0_.customer_mail as customer6_3_, customer0_.customer_name as customer7_3_, customer0_.customer_pass as customer8_3_, customer0_.customer_post as customer9_3_, customer0_.customer_tel as custome10_3_ from customer customer0_ {executed in 7 msec}
      

      Note that there is no 'limit' statement.

      I'm afraid tha it will cause OutOfMemoryError easily and weak for DDoS atack.

      I think it's better to throw IllegalArgumentException if pageSize=0 or replace pageSize by maxPageSize.

        Attachments

          Activity

            People

            Assignee:
            olivergierke Oliver Drotbohm
            Reporter:
            making Toshiaki Maki
            Last updater:
            Trevor Marshall
            Votes:
            2 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: